Windows Networking 101: (Part2)
Internet Connection Security for Windows Users
by Steve Gibson, Gibson Research Corporation

The networking technology built into Windows was designed to operate on small local area networks (LANs) where some amount of inter-system trust could be assumed. When the Internet happened this local area networking technology was quickly made to go global — though it was inappropriate for the job.

You have probably encountered the term LAN, which stands for Local Area Network. The operative term here is LOCAL because the networking technology incorporated into Windows — called NetBIOS and NetBEUI and first designed more than fourteen years ago by IBM — received its first broad exposure in Microsoft's MS-Net product and then more widely in Windows for Workgroups. NetBIOS and NetBEUI were designed to run on small LOCAL area networks. They were created way back before the Internet happened and they were meant to be used within corporations, small workgroups, and homes where everyone with access to the computers on the LAN is playing on the same team.

As Microsoft's own Windows for Workgroups Resource Kit says:


The primary protocol used by Windows for Workgroups is called NetBEUI
(NetBIOS Extended User Interface). This protocol was first introduced by
IBM in 1985. NetBEUI is a small and efficient protocol designed for use
on a departmental LAN of 20 to 200 workstations. (page 1-32)


Well, I couldn't have said that better myself. Windows networking technology is based upon NetBIOS and NetBEUI, which were NEVER designed to go global. They were never meant to cope with foreign agents, competitors, pissed-off ex-employees, previously significant others, or malicious teenage computer vandals with too much time on their hands. But when you hook your Windows-based computer to the Internet, this is precisely who has access to your machine! (For some background on NetBIOS/NetBEUI and why they aren't designed for the Internet click the TechZone link below.)


TechZone — Why shouldn't NetBIOS go global?


Truth & Consequences . . .

The Internet is incredibly powerful because it allows YOU to connect to Internet Resources located anywhere in the world. When you browse the web your web browser is connecting to web servers running on other people's machines and reading HTML files that have been prepared for you. But what you haven't been told is that this Internet connectivity is entirely reciprocal! As easily and effortlessly as you're able to connect to any other server on the Internet, anyone else's computer can connect to yours! It's true. I created this web site to demonstrate exactly this fact, to explain it, and to help you deal with the consequences.

The problem is that file and printer sharing services function by turning any PC wanting to share its files into a file and printer server. When this trusting and sharing computer is connected to a network, this service is naturally extended and made available to all the other computers which are also connected to the network. But when that network is THE INTERNET, suddenly your computer is literally offering its files to every other computer in the world!

How Did This Happen? . . .

The first cause: Most home computer users never bother to password protect their own computer resources. It's annoying to have to log on to your own computer every time you want to use it or to provide a password when connecting to a shared directory. So the vast majority of PC users have left their passwords blank to make using their computers easier and quicker. But this means that anyone else on the same network — and that means THE ENTIRE INTERNET if your computer is connected to it! — can share your computer's resources by using the same BLANK password!

Windows NetBIOS networking technology does not require any sort of authorization to ask for and receive any computer's private networking names, including the name of the current logged-on user, the computer's own name and its workgroup. Such information is considered highly valuable to anyone preparing a break-in and is often used as a starting point by computer vandals planning an attack.

Secondly, it's much easier for most users if everything is turned on and just works on a PC. So most options are automatically set ON until you turn them OFF — even if you don't need them.

You may be amazed to learn . . .

. . . that the whole of Microsoft's Network Neighborhood (and the Client for Microsoft Networks which lies behind the icon) is completely unneeded for any use of the Internet! They are installed automatically and needlessly. They slow down your computer's startup and its operation once started. They consume precious RAM and critically reduce your computer's security whenever it's connected to the Internet!


As you will see on the Network Bondage page here, it's easy to discipline the Client for Microsoft Networks to greatly enhance the security of your computer's connection to the Internet.

While Microsoft's networking client is installed, a default setting which would have protected many millions of computers if it were normally set to OFF instead of ON is TCP/IP File and Printer Sharing. We already know how useful it is to share files and printers among the machines on our LOCAL networks. But binding the NetBIOS protocol to the TCP/IP protocol with this setting automatically extends your computer's file sharing services out across the entire Internet. (The Network Bondage page also provides a clear explanation of changing this setting if you need or wish to retain the Client for Microsoft Networks but want to prevent Internet intruders from gaining access to your computer.)
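
As an added illustration (not code from GRC or the original article) of the unauthenticated name query described above and of what binding file sharing to TCP/IP adds to it, this Python sketch decodes a NetBIOS node status reply, the same name table that `nbtstat -A` displays, so you can audit what your own machine hands out. The reply is constructed; the host HOMEPC and user ALICE are hypothetical, and the record layout and suffix meanings are taken from RFC 1002 and Microsoft's documented suffix table, not from this page.

```python
import struct

# What common NetBIOS name suffixes (16th byte) disclose, keyed by (suffix, is_group).
DISCLOSES = {
    (0x00, False): "computer name",
    (0x00, True): "workgroup or domain name",
    (0x03, False): "Messenger name (computer or logged-on user)",
    (0x20, False): "file and printer sharing service is running",
}

def parse_node_status(pkt: bytes):
    """Parse an RFC 1002 node status response into (name, suffix, is_group) tuples."""
    if len(pkt) < 12 or not pkt[2] & 0x80:       # 12-byte header, response bit set
        raise ValueError("not a NetBIOS name service response")
    pos = 12
    while pos < len(pkt) and pkt[pos]:           # skip the encoded RR_NAME labels
        pos += 1 + pkt[pos]
    pos += 1                                     # step over the terminating zero label
    if pos + 11 > len(pkt):
        raise ValueError("truncated resource record")
    rr_type, _cls, _ttl, rdlen, count = struct.unpack_from(">HHIHB", pkt, pos)
    if rr_type != 0x0021:                        # 0x0021 = NBSTAT (node status)
        raise ValueError("answer is not a node status record")
    pos += 11
    if 1 + 18 * count > rdlen or pos + 18 * count > len(pkt):
        raise ValueError("name table does not fit in the record")
    names = []
    for i in range(count):                       # 15-byte name, suffix byte, 2 flag bytes
        raw = pkt[pos + 18 * i: pos + 18 * (i + 1)]
        names.append((raw[:15].decode("ascii", "replace").rstrip(), raw[15], bool(raw[16] & 0x80)))
    return names

def audit(pkt: bytes):
    """List what the unauthenticated reply tells a stranger about this machine."""
    return [f"{name}<{sfx:02X}>: {DISCLOSES.get((sfx, grp), 'other registered name')}"
            for name, sfx, grp in parse_node_status(pkt)]

def _entry(name, suffix, group=False):           # builds one constructed table entry
    flags = 0x0400 | (0x8000 if group else 0)    # active name, optional group bit
    return name.ljust(15).encode("ascii") + bytes([suffix]) + struct.pack(">H", flags)

# Constructed sample reply (hypothetical host HOMEPC, user ALICE), not a real capture.
_table = [_entry("HOMEPC", 0x00), _entry("WORKGROUP", 0x00, True),
          _entry("ALICE", 0x03), _entry("HOMEPC", 0x20)]
_rdata = bytes([len(_table)]) + b"".join(_table) + bytes(46)   # zeroed statistics block
SAMPLE = (struct.pack(">6H", 0x1234, 0x8400, 0, 1, 0, 0) + b"\x20CK" + b"A" * 30 + b"\x00"
          + struct.pack(">HHIH", 0x0021, 0x0001, 0, len(_rdata)) + _rdata)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A `<20>` entry in the output is the sign that file and printer sharing is answering on that interface; after unbinding it from TCP/IP that entry should no longer appear.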


Note that recent versions of Windows present a warning message that appears during the installation of the Windows TCP/IP protocol. The message warns users about the dangers of sharing the computer's files over the Internet. But most computers arrive pre-configured, or they're upgraded from previous versions, so this message is rarely seen. (And, frankly, even when the message does appear, most people don't fully appreciate the danger that it implies.)


So the happy and casual home computing user, who has never had much to worry about, and who never bothered with password protecting his own personal computer's logon or shared resources, simply connects his machines up to the Internet . . .


Wow, look how fast I can browse!!! This is great!!!
Yes . . . But now anyone who happens to be passing by on the Information Superhighway can take a pit stop at your machine to wreak any havoc they choose!

The contents of this page are Copyright (c) 2003 by Gibson Research Corporation.
SpinRite, ChromaZone, ShieldsUP, NanoProbe, the iconic cartoon character 'Moe',
and the slogan It's MY Computer are registered trademarks of Gibson Research
Corporation (GRC), Laguna Hills, CA, USA. GRC's web and customer privacy policy.

Posted on Saturday, 20 September 2003 @ 05:20:00 EDT by phoenix22